Device Access certificates

Deploy Device Access certificates with Simple Certificate Enrollment Protocol (SCEP) through your mobile device management (MDM) software. They grant access to specific API endpoints and identify the device making the calls.

Before you begin

• Certificates for Device Access are separate from the certificates used for managed device attestation. See Configure a Certificate Authority for more information about management attestation.

• Device Access certificates are required to implement Desktop Password Sync on devices running macOS 14 Sonoma and later. See Configure Desktop Password Sync for macOS 14 .

Tasks

• Configure your Certificate Authority for Device Access. You can use Okta as a CA or use your own:

  • Use Okta as a CA for Device Access

  • Use your own CA for Device Access

• Verify certificate deployments

Related topics

Configure a Certificate Authority

Client certificates

Management attestation FAQ